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Description 

This invention relates to a communications network 
and. in particular, to a communications network whose 
operation is based on encrypted messages between ter- s 
minals. 

Cryptologia. Vol. 5. No, 1, January 19S1. pp 46 to 
50 by Louis Kruh describes a data security unit for two- 
way communication, performing encryption and decryp- 
tion according to the Data Encryption Standard (DES) 'o 
issued by the United States National Bureau of Stand- 
ards. An encryption/decryption device is provided at 
each terminal and the encrypted message is sent over 
the data network. A multidrop system with a single host 
terminal and a plurality of data terminals Is described, is 
and also a message switched system for communica- 
tion between multiple data terminals. 

Recently, together with the development of elec- 
tronic technology there have been developments in sys- 
tems such as home banking and shopping, and office so 
banking systems using advanced communications sys- 
tems A vital concern In regards to a communications 
network system for money transactions is the guarantee 
of secrecy and security of these transactions. It is nec- 
essary to increase the verifiability of the transactor or 25 
communication message which is transmitted and re- 
ceived between transactors through the communication 
network. 

The classical types of irregularities that can occur 
in the transmission of transactions or message are as so 
follows. 

1) False reports. A sender reports not sending to 
the receiver although In actuality a transmission 
was made, or the sender reports sending although 3S 
no transmission was made. 

2) Forgery of documents. Receiver rewrites com- 
munication message that has been recorded on the 
receiving side, or makes a forged communication 
message. ^o 

These kinds of irregularities are the basis of embez- 
zlement. 

In a prior art system. In order to prevent these irreg- 
ularities, an enciphering program such as DES (Data 
Encription Standard) is stored in each network terminal 
to prevent the forging of communication messages. This 
means that an enciphering/deciphering circuit is provid- 
ed in each terminal and that a sender, using his own key. 
enciphers a message according to this enciphering pro- so 
gram. The enciphered message is transmitted to a re- 
ceiver terminal through a communication network. On 
the receiver side, the received enciphered message Is 
recorded and deciphered in the deciphering circuit using 
a key word which is stored in a key memory and peculiar ss 
to the sender. Accordingly, assuming that the key word 
stored in the key memory on the receiver side has not 
leaked to the outside, and that the receiver has not 



forged the message, there is no one other than the send- 
er vjho knows the key word who can make the recorded 
enciphered message. Accordingly, the verifiability of the 
enciphered message stored on the receiver side is very 
high. This kind of a system where no one other than a 
specific person can prepare the message is amenable 
to the use of digital signatures. 

in general, however, it is impossible to preclude ir- 
regularities by the receiver, who knows the contents of 
the key memory and may. with the use of a computer, 
prepare the enciphering program and, with the special 
key word of a sender, prepare a false enciphered mes- 
sage. Consequently, with this kind of communications 
network. It is impossible to completely prevent irregular- 
ities from being prevented by both sides, making it dit- 
ficutt to ensure the secrecy and security of the transac- 
tions conducted over the network. 

An object of this invention is to provide a communi- 
cations network in which digital signatures can be used. 

Another object of this Invention is provide a commu- 
nications network In which the security of the transac- 
tions are ensured. 

The present invention provides a two-way commu- 
nications network system in which a plurality of trans- 
mitting terminals and one receiving terminal are con- 
nected by communication lines; 

each transmitting terminal comprises an encipher- 
ing device for enciphering a communication mes- 
sage to be transmitted by a sender to said receiving 
terminal, and transmitting means for transmitting an 
output signal of said enciphering device to said re- 
ceiving terminal via a communication tine; 
said receiving terminal comprises receiving means 
for receiving the enciphered message from said 
transmitting terminal and a deciphering device for 
deciphering the received enciphered message; 
said enciphering device comprises key merrxjry 
means for storing key data which can specify the 
sender and communication message (m) transmit- 
ted by the sender to said receiving terminal, and the 
enciphering means for enciphering, according to a 
prescribed enciphering algorithm using the key data 
stored in said key memory means, the message in- 
put from the outside to be transmined to said receiv- 
ing terminal, and for outputting the enciphered mes- 
sage and the key data which can specify the sender, 
and 

said deciphering device comprises key memory 
means for storing key data which can specify the 
sender and the communication message (m) trans- 
mitted by the sender to said receiving terminal, and 
deciphering means for deciphering, according to a 
prescribed deciphering algorithm different from the 
enciphering algorithm using the key data stored in 
said key memory means, the message transmitted 
from said transmitting terminal, and for outputting 
the deciphered message, characterised in that 
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said key memory means and enciphering means of 
said enciphering and deciphering devices are 
sealed inside said enciphering and deciphering de- 
vices respectively such thai stored key data and the 
enciphering and deciphering algorithms cannot be 
accessed from the outside. 

said receiving terminal can be used as a transmit- 
ting terminal and each of said transmitting terminals 
can be used as a receiving terminal in such a man- 
ner that a message sent from said receiving termi- 
nal to one of said transmitting terminals is enci- 
phered using the deciphering algorithm, and that 
the enciphered message is deciphered at said one 
of said transmitting terminals according to the enci- 
phering algorithm. 

This invention is a communications network in 
which a plurality of transmitter terminals (customers) are 
connected to one receiver terminal (center). The cus- 
tomer and center terminals respectively have encipher- 
ing and deciphering devices such as integrated circuit 
cards (IC cards). The enciphering device comprises key 
memory means for storing key data which can specify 
a sender of a message to be sent to the center and the 
message, and enciphering means which uses this key 
to encipher the message according to a prescribed en- 
ciphering algorithm and outputs the enciphered mes- 
sage and the key data specifying the sender The deci- 
phering device at the central terminal comprises key 
memory means for storing key data which can specify 
the sender of a message to the center and the message, 
and deciphering means which uses this key to decipher 
the message according to a prescribed deciphering al- 
gorithm and outputs the deciphered message. The en- 
ciphering and deciphering devices are sealed so that ac- 
cess from the outskJe to the key data and enciphering 
and deciphering algorithms is impossible. 

The key data lor enciphering and deciphering In- 
cludes a key word peculiar to a customer, such as the 
customer's name, a key word common to the communi- 
cations network, and a key word such as a random 
number which specifies a transaction and is sent from 
the central terminal in response to a request from the 
customer. The key word peculiar to the customer and 
the key word shared with the network are stored in the 
enciphering device in such a way that they cannot be 
rewritten. The key word common to the network cannot 
be read out. With this kind of system digital signatures 
are possible by storing the enciphered message in a 
proper form, thus ensuring the security of the transac- 
tion. 

The invention may be better understood by refer- 
ence to the drawings In which: 

Figs. 1 and 7 shows a communications network sys- 
tem according to an embodiment of this invention; 
Fig. 2 Is a schematic of customer and center termi- 
nals; 



Ftgs 3 and 4 are conceptual schematics of enci- 
phering and deciphering devices used in the cus- 
tomer and central terminals; 
Fig. 5 shows a practical arrangement of the enci- 
5 phering and deciphering devices; and 

Fig. 6 is a flowchart showing the operation of the 
system of this invention. 

Fig. 1 shows a communications network according 

10 this invention, which Is suitable for use in home banking 
and shopping systems, and office banking systems 
This network is a 1 :n system in which a plurality of cus- 
tomer terminals 11,. '^^2 -^^n located in the homes or 
businesses are connected by communication lines 13^. 

'5 I32. ..13n to a single central terminal tocated in a bank 
or department store. 

In Fig 1 a message is sent from a customer terminal 
to the central terminal. Customer terminals 11, -11 „ are 
equipped with insertable portable cards 14,-I4n. which 

so are enciphering devices, the central terminal 12 is 
equipped with a portable insertable card 15. which is a 
deciphering device. 

As shown in Fig. 2. customer terminal 1 1 comprises 
card reader/writer for reading or writing required data in 

ss card 14 when It is inserted. Input device 22, such as a 
keyboard, for inputting message M Into card 1 4 via card 
writer 21 , and communication interface 23 for modulat- 
ing the enciphered message M' prepared inside the card 
in a prescribed format for transmission via communica- 

30 tion line 13 to the central terminal. 

Central terminal 12 comprises communication in- 
terface 25. which demodulates the message sent from 
the customer via tine 13 into the enciphered message 
M*. recording device 26 such as a disc apparatus for re- 

3S cording this enciphered message, card reader^riter 27 
for reading or writing required data in card 15 when it is 
Inserted, output device 23 for printing out message M 
deciphered by card 15 inserted into card reader/writer 
27, and random number generator 29 for generating 

40 random number R, which Indicates a transaction 
number of message M produced in the customer termi- 
nal. Since the transaction number is generated at ran- 
dom the generating timing Is recorded at the central ter- 
minal. 

^ Portable enciphering device 1 4 and deciphering de- 
vice 15 may be constructed of an IC card such as that 
shown in Japanese Patent Publication No. 53-6491. A 
semiconductor Integrated circuit (LSI) is sealed in the 
card and it is Impossible to extract data other than that 

so specified. Figs. 3 and 4 are conceptual function sche- 
matics of IC card 14 used In the customer terminal and 
IC card 15 used in the central terminal. 

Card 14 of Fig. 3 may be considered to comprise 
Input/output control circuit 31 , memories 32. 33. 34, key 

55 generator 35. and enciphering circuit 56. Input/output 
control circuit 31 receives and outputs the required data 
between the card and the outside. The data that can be 
input into card 14 via input/output control circuit 31 is 
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message M and key word R. Message M is input by the 
user via the customer terminal. Key word R. which is a 
random number indicating the transacticn produced at 
the central terminal, is stored in memory 32. A person's 
key word I. which is the ID data such as the name of the 
person using the card, is stored in memory 33. Key word 
1 can only be read out; it is not possible to rewrite it. A 
common key word (number) S. which indicates the net- 
work system. Is stored In memory 34 in an unrewritable 
form. It is also impossible to read out this common key 
word S and which is known to only a very limited number 
of people, such as the issuer of the card, for example. 

Key words R. I. S stored in memories 32-34 are sup- 
plied to key generator 35. The key word generator exe- 
cutes a EXCLUSIVE OR operation on the input key 
words R. I. S and generates enciphering key word K. 
which is supplied to enciphering circuit 36 for encipher- 
ing. Enciphering circuit 36 uses this key word together 
with the message M input by the user through Input/out- 
put control circuit to produce an enciphered message 
M* according to an enciphering algorithm. This enci- 
phered message Is output from the card together with 
the user's particular key word t via input/output control 
circuit 31 , and is sent to the central terminal. 

Card 15, which is used at the central terminal, com- 
prises input/output control circuit 41, merrKsries 42. 43. 
44, key generator 45, and deciphering circuit 46. What 
should be paid attention to here is that the user's card 
1 4 is applicable only for enciphering and the central ter- 
minal card 15 is applicable only to deciphering the en- 
ciphered message. The data signal input to card 1 5 via 
input/output control circuit 41 is only enciphered mes- 
sage M'. key word R (random number) and key word 1. 
Enciphered message M' is supplied to deciphering cir- 
cuit 46. Key word R and I are stored in memories 42 and 
43, respectively. Key word S is stored in memory 44 in 
such a manner that it cannot be output from the card 
and cannot be rewritten. Key words R, I. S are supplied 
to key generator 45 which computes the EXCLUSIVE 
OR operation of the input key words In the same manner 
as that in the user's card, and generates key word K for 
deciphering. Deciphering circuit 46 uses deciphering 
key K to decipher message M' according to a prescribed 
deciphering algorithm. Deciphered message M is output 
from the card via input/output control circuit 41. 

The above was a description of the function blocks 
for cards 14 and 15 in conjunction with Figs. 3 and 4. In 
practice the cards are constructed of microprocessors. 
Fig. 5 shows a suitable construction for such a card. 
Cards 14. 15 comprise central processing unit (CPU) 
51, program memory 52 (preferably mask ROM) con- 
taining an enciphering (deciphering) program and oper- 
ating program, data memory 53 (preferably permanent 
type memory PROM), and I/O interface 54. The func- 
tions of (he key generator, enciphering (deciphering) cir- 
cuit, and input/output control circuits shown in Figs. 3 
and 4 are performed by CPU 51 responsive to program 
memory 52, and the memories for key words S and I 



correspond to data memory 53 RAM (random access 
memory) included in CPU 51 can be used for the mem- 
ory tor key word R. The program memcry of the user's 
card 1 4 stores the enciphering prograrTi and central card 

5 15 stores the deciphering program. 

The following is a description of the operatbn of the 
network system shown in Fig. 1, with reference to the 
operation flowchart of Fig. 6. 

When a customer sends message M to the centra! 

10 terminal, card 14 is set in terminal 11 as shown in block 
61. When the card is loaded into card readerAvriter 21. 
the card reader/writer requests a rarsccoi number key 
word R to the central terminal (block 52). Card 15 is al- 
ready loaded into the central terminal (block 63). The 

IS reason for this is that the customer has called the center 
via telephone indicating a wish to send a message. Card 
reader/writer 27 of central terminal 1 2 confirms the pres- 
ence of a request from the user terminal for random 
number key word R (block 64). When confirmation is 

^0 made, a random number request signal is applied to ran- 
dom number generator 29, and a ranccm number key 
word R is sent to the customer terminal (block 64). On 
the customer side key word R is stored in RAM (corre- 
sponding to memory 32 of Fig 3) of CPU 51 (block 66). 

25 The customer begins inputting message W via input de- 
vice 22 (block 67). CPU 51 enciphers the message ac- 
cording to an enciphering algorithm such as DES, using 
key words S, I. R (block 66) . If the enciphering algorithm 
which uses key data S. I, R is taken to be f, then enci- 

30 phered message M' is defined by 

M-=f^(M) = f3. , p,(M) 

where K = S © I © R. 

Enciphered message M' is sent to the central termi- 

35 nal together with the personal key word I (block 69) . Ai 
the center message M' is recorded in recording device 
26 by card reader/writer 27 (block 70). Enciphered mes- 
sage M' and personal key word I, together with random 
number key word R are input into card 15 (block 71) 

40 whose CPU deciphers message M* based on a deci- 
phering algorithm, using deciphering key data S, I. R 
(btock 72). If the deciphering algorithm is taken to be ^^ 
the the deciphered message M can be expressed by 

= '"'s...r('s.,.r(M)1 
where, the same as with the enciphering algorithm. K = 
S © 1 © R. In the DES system, the f * ^^ condition is 
so satisfied. Namely, it is necessary that the enciphering 
and deciphering algorithms be difterent. 

Deciphered message M is output by output device 
23 (block 73). The transmission from the customer to 
the center of a transaction request message Is then 
55 completed. 

The following is a description of the functions (or the 
protection of irregularities in this kind cf ccrnmunications 
network system. 
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The first possible irregularity is the forgery of an en- 
ciphered message M' by the customer without the use 
of the card. With the DES system, the enciphering algo- 
rithm is public and. accordingly, it is possible that an 
equivalent algorithm can be generated using a compu- 
ter. However, even if such an algorithm is generated, 
because only a restricted number of people know the 
common key word S of the network system, and be- 
cause this key word cannot be read out from card 14, it 
is Impossible to generate enciphering key word K. So. 
it is impossible to produce enciphering message M* with- 
out card 14. 

The next possible irregularity is that a customer us- 
es his own card 14 to forge an enciphered message M' 
of another person. It is. however, impossible to rewrite 
the personal key word I that is stored in card 14 so this 
kind of irregularity is also impossible. 

The last possible irregularity is the forging of enci- 
phered message M' at the center. However, card 15. 
which is used at the center, only has the deciphering 
algorithm stored and it Is different than the enciphering 
algorithm (f ^ f*i ) so the output that can be obtained from 
input message M is 

f'^s , f,(M) * I^', 

and, accordingly, forging of enciphered message M* at 
the center is also impossible. 

According to the embodiment of this inventton. ran- 
dom number key word R is sent from the center to the 
customer terminals and is used as one of the encipher- 
ing key words. With this key word R it is possible for the 
timing of the transaction to be known at the center. Ac- 
cordingly, even tf enciphered message M' sent from the 
customer terminal is intercepted from the communica- 
tion line, the message M' is registered in the center so 
it is impossible to use it after that. 

As described above, in this embodiment only cus- 
tomers who have a card are able to encipher the input 
message. Quite clearly this means that according to this 
inventbn it is possible to use customer digital signa- 
tures. 

The network system is a 2-way network system. 
This means the customer terminal should have a record- 
ing device, random number generator and output circuit, 
the same as the central terminal. However, the use of 
the customer card and the central card remains the 
same. When the center sends a message to a customer, 
the message is enciphered according to the deciphering 
algorithm (f*') stored in the center card. In this case, ac- 
cordingly, the same message will result in different en- 
ciphered messages at the customer terminal and at the 
central terminal. 

Fig . 7 shows the situation when a l:n communica- 
tions network system is used to send messages from 
the center to customers. Namely, transaction messages 
are sent from central terminal 81 to customer terminals 
83,. 832-.. 83n via communication lines 62,. B22 - B2f^. 
The customer terminals have random number genera- 



tors and the center card 84 contains an enciphering al- 
gorithm (I), while the customer cards 55,. 652. ..65n con- 
tain deciphering algorithms (f*^). The network of Fig 7 
operates in the same way as that in Fig 1 and digital 
5 signatures are possible on the central terminal side. This 
network can be considered a center-to-customer two- 
way network. With a two-way network it is possible to 
use the center and customer side cards as is shown in 
Fig. 1. 

10 This invention is not limited to the above embodi- 
ments. The enciphering and deciphering devices are not 
limited to portable card-type devices and may be cube- 
shaped or pencil-shaped providing an electronic circuit 
is sealed inside. The enciphering and deciphering algo- 

15 fiihms are also not limited to the DES system. Any al- 
gorithm that satisfies f * f*"* and has sufficient strength 
is acceptable. There is also no particular restriction on 
the type of information that may be transmitted. 



1. A two-way communications network system in 
which a plurality of transmitting terminals {11, 83) 
2S and one receiving terminal (12. 61) are connected 
by communication lines; 

each transmitting terminal (11. 83) comprises 
an enciphering device (14, 65) for enciphering 
30 a communication message (M) to be transmit- 

ted by a sender to said receiving terminal (12, 
81). and transmitting means (23) for transmit- 
ting an output signal of said enciphering devk:e 
(1 4, 85) to said receiving terminal via a commu- 
3S nication line (13. 82); 

said receiving terminal (12, 81) comprises re- 
ceiving means (25) for receiving the en-ci- 
phered message (M*) from said transmitting ter- 
minal (11.83) and a deciphering device ( 1 5) for 
40 deciphering the received enciphered message; 

said enciphering device comprises key memo- 
ry means (32. 33. 34,53) for storing key data 
(R, I, S) which can specify the sender and the 
communication message (M) transmitted by 
*5 the sender to said receiving terminal (12, 81), 

and enciphering means (31 , 35, 36. 51 . 52. 54) 
for enciphering, according to a prescribed en- 
ciphering algorithm (f) using the key data (R, I. 
S) stored in said key menrxDry means (32-34). 
so the message (M) input from the outside to be 

transmitted to said receiving terminal (12. 81). 
and for outputting the enciphered message (M') 
and the key data (I ) which can specify the send- 
er. 

SS said deciphering device comprises key memo- 

ry means (42. 43. 4-4. 53) for storing key data 
(R.I.S) which can specify the sender and the 
communicalion message (W) transmitted by 
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the sender to said receiving termiral, and deci- 
phering means (41. 45. 46. 51. 52. 54) tor de- 
ciphering, according to a prescribed decipher- 
ing algorithnn (f*^ ) dlHerenl from the enciphering 
algorithm (f) using the key data stored in said s 
key memory means (42-44). the message (M*) 
transmitted from said transmitting terminal (11 , 
83). and for outputting the deciphered message 
(M). 

10 

characterised in that 

said key memory means and enciphering 
means of each of said enciphering and deci- 
phering devices are sealed inside said enci- 
phering and deciphering devices respectively 
such that stored key data and the enciphering 
and deciphering algorithms cannot be ac- 
cessed from the outside, 
said receiving terminal (12.81) can be used as 
a transmitting terminal and each of said trans- 
mitting terminals (11, 83) can be used as a re- 
ceiving terminal in such a manner that a mes- 
sage sent from said receiving terminal (12, 81) 
to one of said transmitting terminals (11, 83) is 2S 
enciphered using the deciphering algorithm 
(f**). and that the enciphered message is deci- 
phered at said one of said transmitting termi- 
nals (11, 83) according to the enciphering algo- 
rithm (f). 30 

2. The network system according to claim 1 , 
characterized in that said enciphering device and 
deciphering device are each a portable card con- 
taining a semiconductor circuit. 55 

3. The network system according to claim 1 , 
characterized in that 

said receiving terminal is arranged to send a « 
key word (R), which can specify the communi- 
cation, to a transmitting terminal in response to 
a request from the transmitting terminal, the key 
word being stored in said key memory means 
of said deciphering device; 
the key data stored in said key memory means 
of said enciphering device and used to encipher 
a message as well as to specify the sender and 
the communication includes a key word (I) 
which is peculiar to the sender, a common word so 
(S) shared by the network, and a key word (R) 
which specifies the communication sent from 
said receiving terminal; and 
the key data stored in said key memory means 
ol said deciphering device and used todecipher ss 
a message as well as to speciby the sender and 
the message includes the key wcrd (I) which is 
peculiar to the sender, the ccmmcn key word 



10 

(S) shared by the network, and the key word 
(R) which specifies the communication gener- 
ated by the receiving terminal. 

4. The network system according to claim 3. 
characterized in that the key word (R) which can 
specify the communication generated by said re- 
ceiving terminal is a random number generated in 
compliance with a request from the sender. 

5. The network system according to claim 1 . 
characterized in that the DES (Data Encription 
Standard) system is used as the enciphering and 
deciphering algorithms. 

6. The network system according to claims 3. 
characterized in that the key word (!) peculiar to the 
sender and the key word (S) common to the network 
are stored in said key memory means in-an unre- 
writable fomrt in said enciphering device, and the 
key word (S) common to the network is stored in 
said key memory means in an unrewritable form in 
said deciphering devk:e. 

7. The network system according to claim 3. 
characterized in that the key word (S) common to 
the network cannot be read out from said encipher- 
ing and deciphering devices. 



Patentanspfuche 

1. Zweiwege-Kommunikationsnetzwerksystem, bei 
dem mehrere Sendeterminals (1 1 , 83) und etn Emp- 
fangsterminal (12, 81) uber Kommunikationsleitun- 
gen verbunden sind. wobei: 

jedes Sendelerminal (11. 83) eine Chiftriervor- 
richtung (14, 85) zum Chiffrieren einer durch ei- 
nen Absender zum Empfangsterminal (12, 81) 
zu Obertragenden Kommunikations-Mitteilung 
Oder Nachricht (M) und eine Sendeeinheit (23) 
zum Ubertragen oder Scnden eines Ausgangs- 
signals von der Chiffriervorrichtung (14, 85) 
zum Empfangsterminal uber die Kommunikati- 
onsleitung (13, 82) aufweist, 
das Empfangsterminal (12, 81 ) eine Emplangs- 
einheit (25) zum Empfangen der chiffrierten 
Mitieilung (M') vom Sendelerminal (11. 83) und 
eine Dechiffriervorrichtung (15) zum Dechiffrie- 
ren der empfangenen chiffrierten Mitteilung 
aufweist, 

die Chiffriervorrichtung Schlusselspeicheretn- 
heiten (32, 33, 34, 53) zum Speichern von 
Schlusseldaten (R. I, S). die den Absender und 
die von diesem zum Empfangsterminal gesen- 
dete Kommunikations-Nachricht spezifizieren 
Oder bczeichnen konnen, und Chiffriereinhei- 
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ten (31, 35. 36, 51, 52, 54) zum gemafJ einem 
vorgeschriebenen Chiffrieralgcrtthmus (I) unter 
Benulzungderinden Schlusselspeichereinhei- 
ten (32-34) gespeicherten Schlusseldaten er- 
(olgenden Chiffrieren der von aut3en eingege- 5 
benen, zum Empfangsterminal (12. 61) zu 
ubertragenden Mitieilung (M) und zunn Ausge- 
ben der chiffrierien Mitteilung (M') sowie der 
Schlusseldaien (I), die den Absender bezeich* 
nen konnen, umlarjl. 

die Dechilfrien/orrichtung Schlusselspeicher- 
einheiten (42) 43. 44. 53) zunn Speichem von 
Schlusseldaten. die den Absender und die von 
diesem zum Empfangsterminal gesendete 
Kommunlkalbns-Nachricht spezifizieren oder is 
bezeichnen konnen. und Dechiffriereinheiten 
(41 . 45, 46. 51 , 52, 54) zum gemaO einem vor- 
geschriebenen Dechiffrieralgorithmus (f*'). der 
vom Chiffrieralgorithmus (t) verschieden ist. 
unter Benutzung dor in den Schiusselspeicher- so 
einheiten (42-44) gespeicherten Schlusselda- 
ten ertolgenden Dechiffrieren der vom Sende- 
terminal (11, 83) ubertragenen Mitteilung (M') 
und zum Ausgeben der dechiffrierten Mitteilung 
(M) umfafBt, 2S 

dadurch gekennzeichnet, daG 

die Schtusselspeicherernheiten und die Chrf- 
friereinheiten jeder der Chiffrier- und Dechif- 30 
friervorrichtungen innerhalb der Chiffrier- und 
Dechiffriervorrichtungen jeweils so gekapselt 
sind, daO die gespeicherten Schlusseldaten 
und die Chiffrier- und Dechiffrieralgoriihmen 
von auQen her nicht zugreifbar sind. und 3S 
wobei die Schlusselspeichereinheiten und die 
Dechiffriereinheiten innerhalb der Dechiffrier- 
vorrichtung so gekapselt sind, daf} die gespei- 
cherten Schlusseldaten und der Dechiffrieral- 
gorithmus von auf3en hier nicht zugreifbar sind. 
das Empfangsterminal (12. 61) als Sendeter- 
minal und jedes der Sendeterminals (11, 83) als 
Empfangs-terminals so benutzbar sind, da3 ei- 
ne von dem Empfangsterminal (12. 81) einem 
der Sendeterminals (11, 83) gesendete Mittei- 
lung unter Benutzung des Dechiffrieralgorith- 
mus (f) chiffrierl wird und daf3 die chiffrierte 
Mitteilung an dem einen der Sendeterminals 
nach dem Chiffrieralgorithmus (f) dechiffriert 
wird. 50 

2. Netzw/erksystem nach Anspruch 1, dadurch ge- 
kennzeichnet. dafj die Chiffriervorrichtung und die 
Dechiffrlervorrichtung jeweils eine tragbare Karte 
sind, die eine Halbleiterschaltung enthalt. ss 

3. Netzwerksystem nach Anspruch 1. dadurch ge- 
kennzeichnet, da3 das Empfangsterminal ausge- 



legl ist zum Senden eines Schlussefv/ortes (R). das 
die Nachricht zu bezeichnen vermag, zu einem 
Sendeterminal in Abhangigkeit vcn einer Anlorde- 
rung vom Sendeterminal. wobei das Schlusselwort 
in den Schlusselspeichereinheiten dor Dechiffrier- 
vorrichiung gespeichert ist, 

die in den Schlusselspeichereinheiten der Chif- 
friervorrichtung gespeicherten und zum Chif- 
frieren einer Mitteilung sowie zum Bezeichnen 
des Absenders und der Nachricht benulzten 
Schlusseldaten ein fur den Absender eigen- 
tumliches Schlusselwor: (I), ein vom Netzwerk 
gemeinsam genutztes Sammelwort (S) und ein 
Schlusselwort (R), das die vom Empfangster- 
minal gesendete Nachricht bezeichnet. enlhal- 
ten und 

die in den Schlusselspeichereinheiten der De- 
chiffriervorrichtung gespeicherten und zum De- 
chiffrieren einer Mitteilung sowie zum Bezeich- 
nen des Absenders und der Mitteilung benutz- 
ten schlusseldaten das fur den Absender ei- 
gentumliche Schlusselwort (I), das vom Netz- 
werk gemeinsam genutzte Sammelwort (S) 
und das Schlusselwort (R) zum Bezeichnen der 
vom Empfangsterminal erzeugien Nachricht 
enthalten. 

4. Netzwerksystem nach Anspruch 1, dadurch ge- 
kennzeichnet. daO das Schlusselwort (R). das die 
vom Empfangsterminal erzeugte Nachricht be- 
zeichnen kann. eine Zufallszahl ist. die nach 
MaQgabe einer Anforderung vom Absender erzeugt 
wird. 

5. Netzwerksystem nach Anspruch 1, dadurch ge- 
kennzeichnet, daO als Chiffrier- und Dechiffrieralgo- 
rithmen das DES-(Date Encriplion Slandard)-Sy- 
stem zugrundegelegt ist. 

6. Netzwerksystem nach Anspruch 3, dadurch ge- 
kennzeichnet. daO das fur den Absender eigentum- 
liche Schlusselwort (I) und das dem Netzwerk ge- 
meinsam zugeordnete Schlusselwort (S) in den 
Schlusselspeichereinheiten in einer in die Chiffrier- 
vorrichtung nicht-wiedereinschreitbaren Form ge- 
sperchert sind und das dem Netzwerk gemeinsam 
zugeordnete Schlusselwort (S) in den Schlussel- 
speichereinheiten in einer in die Dechiffrien/orrich- 
tung nicht-wiedereinschreibbaren Form gespei- 
chert ist. 

7. Netzwerksystem nach Anspruch 3, dadurch ge- 
kennzeichnet. da3 das dem Netzwerk gemeinsam 
zugeordnete Schlusselwort (S) aus Chiffrier- und 
Dechiffrlervorrichtung nicht auslesbar ist. 
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Revendications 

1. Un syst6me de reseau de communcation bidirec- 
tionnel dans lequel un ensemble de terminaux 
6meneurs (11. 83) et un terminal recepteur (12. 81) 
soni connectes par des lignes de ccrr.municatton. 

cheque terminal 6metteur (ll, £3) comprend 
un dtspositif de cryptage (14, £5) pour crypter 
un message de communication (VI) qui doit Stre 
6mis par un emetteur vers le terminal recepteur 
(12. 81). et des moyens d'emlss.on (23) pour 
^mettre un signal de sortie du disposrlif de cryp- 
tage (1 4. 85) vers le terminal recepteur par Tin- 
lermddiaire d'une llgne de communication (13. 
62) : 

le terminal recepteur (12. 81) comprend des 
moyens de reception (25) qui sont destines d 
recevoir le message crypte (M ) provenant du 
terminal 6metleur (11, 83). et un dispositif de 
decryptage (15) pour decrypter le message 
crypt6 re^u ; 
- te dispositif de cryptage comprend des moyens 
de m6moire de cle (32, 33. 34, 53) pour enre- 
gistrer des donn^es de cle (R, I, S) qui peuvent 
specifier Temetteur et le message de commu- 
nication (M) §m;s par I'^metteur vers le terminal 
recepteur (12. 61), et des moyens de cryptage 
(31, 35. 36. 51. 52. 54) pour crypter. con(orm§- 
ment d un algorithme de cryptage (f) determine, 
en utilisant les donnees de cle (R. I. S) qui sont 
enregistr^es dans les moyens de m6moire de 
cle (32-34). le message (M) qui est introduit de 
I'exterleur pour fitre 6mis vers le terminal recep- 
teur ( 1 2. 8 1 ). et pour presenter en sortie le mes- 
sage crypte (M*) et les donn6es de cl6 (I) qui 
permettent de sp6ci(ier remeiteur, 
le dispositif de decryptage comprend des 
moyens de m^molre de cle (42. 43, 44, 53) pour 
enregistrer des donndes de de (R. I , S) qui peu- 
vent specifier Temetteur et le message de com- 
munication (M) 6mis par t'emetteur vers le ter- 
minal recepteur, et des moyens de decryptage 
(41, 45, 56, 51. 52, 54) pour ddcrypter, confor- 
rnement a un algorithme de decryptage (^') de- 
termine, different de Talgorithme de cryptage 
(f), en utilisant les donnees de cle qui sont en- 
registries dans les moyens de m6morre de cl6 
(42-44), le message (M') qui est emis par le ter- 
minal emetteur (11, 83), et pour presenter en 
sortie le message d6crypte (M), 

caracterisd en ce que les moyens de memoire 
de cle et les moyens de cryptage de chacun des 
dispositifs de cryptage et de decryptage sont res- 
peclivement enfermes de fa9on inviolable ^ rint6- 
rieur des dispositifs de cryptage et de decryptage, 
de fapon qu'il soit impossible d'acceder de Texte- 



4. 



$s 



rieur aux donn6es de cle enregistrees et aux algo- 
rithmes de cryptage et de decr/ptage. 

le terminal recepteur (12, 81) peut 6tre utilise 
en terminal emetteur, et chacun des terminaux 
emetteurs peut etre utilise en terminal recepteur de 
maniere qu'un message qui est emis par le terminal 
emetteur (12. 81) vers I'un des terminaux r^cep- 
teurs soit cryptd en utilisant I'algorithme de decryp- 
tage (f*^). et que le message crypte soit decrypte 
dans ce terminal recepteur (11. 63) conformement 
a I'algorithme de cryptage (f). 

Le systeme de reseau selon la revendication 1 . ca- 
racterise en ce que le dispositif de cryptage et le 
dispositif de decryptage sont respectivement cons- 
titues par une carte portable contenant un circuit a 
semiconducteurs. 

Le systeme de reseau selon la revendication 1 . ca- 
racterise en ce que : 

le terminal recepteur est congu pour 6mettre un 
mot de cle (R). qui peut specifier la communi- 
cation, vers le terminal emetteur. en r6ponse k 
une demande provenant du terminal emetteur, 
le mot de cle etant enregistre dans les moyens 
de memoire de cle du dispositif de decryptage ; 
les donnees de cle qui sont enregistrees dans 
les moyens de memoire de cie du dispositif de 
cryptage et qui sont utilisees pour crypter un 
message, ainsi que pour specifier I'emelteur et 
la communication, comprennent un mot de cI6 
(1) qui est propre & remetteur. un rrkot commun 
(S) qui est utilise en commun par le r6seau, et 
un mot de cle (R) qui specifie la communication 
qui est emise par le terminal recepteur ; et 
les donnees de cie qui sont enregistrees dans 
les moyens de memoire de cle du dispositif de 
decryptage el qui sont utilisees pour decrypter 
un message ainsi que pour specifier I'emetteur 
et le message, comprennent le mot de cI6 (I) 
qui est propre d i'emetteur. le mot de cie com- 
mun (S) qui est utilise en commun par le re- 
seau, et le mot de cie (R) qui specifie la com- 
munication qui est generee par le terminal re- 
cepteur 

Le systeme de reseau selon ta revendication 3. ca- 
racterise en ce que le mot de cie (R) qui peut spe- 
cifier la communication generee par le terminal re- 
cepteur, est un nombre aieatoire qui est g6n6re en 
reponse a une demande provenant de remetteur. 

Le systeme de reseau selon la revendication 1. ca- 
racterise par Tutilisation du systeme DES (Data En- 
criptton Standard) pour les atgorithmes de cryptage 
et de decryptage. 
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6. Le syst^me de rdseau selon la revendication 3, ca- 
racterise en ce que le mot de cle (I) propre d remet- 
teur et te mot de cid (S) commun au rdseau sent 
enregistres dans les moyens de memoire de cle 
sous une fomne qui ne permet pas la r^^criture dans s 
le dispositit de cryptage, et le mot de cl6 (S) com- 
mun au reseau est enregistre dans les moyens de 
mdmoire de cid sous une forme ne permettant pas 

la r^ecrlture dans le dispositif de d^cryptage. 

10 

7. Le systeme de reseau selon la revendication 3. ca- 
ractSrlsd en ce que le mot de cl6 (S) commun au 
rdseau ne peut pas dtre lu dans les dispositifs de 
cryptage et de decryptage. 

IS 



20 



2$ 



30 



35 



40 



4S 



SO 



9 



EPO 166 541 B2 




r' 



L 



IC 

CARD 



21 

1_ 




14 



M(M') 



CARD 

READER 

WRITER 



M 



INPUT 
DEVICE 



^22 



F I G. 2 



II 



tij 

tr 



23 



12 



I 



13 



RECORDING 
DEVICE 



25 



INTERFACE 



M' 



28 
_i_ 



OUTPUT 
DEVICE 



M 



29- 



15 

X 



'IC 
CARD 



M'(M) 



~l 



CARD 

READER 

WRITER 



R 



RANDOM 
NUMBER 
GEN. 



10 



1 » * 



EP0 1 66 541 B2 



F I G. 3 



14 



34 
_j 



33 



MEMORY 



MEMORY 



32 

_j 



MEMORY 



KE 
GE 


Y 

:n. 




K 


ENCIPHERING 
CKT 


36 


M 



-35 



M' 



31 



INPUT/ 
OUTPUT 
CONTROL 



•M,R 
-M',I 



F I G. 4 



15 



M', I 
M,R 



42 

S 



MEMORY 



43 

__i 



MEMORY 



H 



44 



MEMORY 



45- 



41 

S 



KEY 
GEN. 



INPUT/ 
OUTPUT 
CONTROL 



46 



M 



DECIPHERING 
CKT 



M' 



11 



EP 0 1 66 541 B2 



F 

14(15) 



G. 5 



54 




51 




53 

S 


y 










I/O 
INTERF/ 




CPU 




DATA 
MEMORY 
















PROGRAM 
MEMORY 


— 52 



FIG. 7 CUSTOMERS 




e3n S5n 



12 



EP0 166 541 B2 



F I G. 6 



CUSTOMER (H) 
i 1 



c 



START ^ 



LOAD 
CARD 



6f 

V 



REQUEST 
RANDOM 
NUMBER (R) 



62 

y 



66 



s r 



STORE (R) 
IN CARD 




ENCIPHER 
MESSAGE 
fS,I,R(M)=M' 



69 



TRANSMIT 
M'a KEY(I) 



REG 




M*, I 



CENTER (12) 




RECORD 



INPUT 
M\ I a R 
IN CARD 



I 



DECIPHER (M') 
fs"^I,R(M')=M 

I 



-70 



-71 



^72 




13 



